Bug 380609 - sys-kernel/hardened-sources-2.6.32.45 and 2.6.32.44: ip6_tunnel.c - kernel NULL pointer dereference
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers
URL: http://bugs.debian.org/cgi-bin/bugrep...
Reported: 2011-08-25 10:19 UTC by cilly
Modified: 2011-09-03 22:16 UTC
Description cilly 2011-08-25 10:19:26 UTC
Fixed in latest grsec-patches:

http://grsecurity.net/changelog-stable.txt

Changes in grsecurity-2.2.2-2.6.32.45-201108241901.patch:
---------------------------------------------------------------
update to latest PaX patch
fix broken backport in upstream for ipv6 tunnels, reported by cilly

 Makefile                    |    3 ++-
 arch/x86/kernel/kvm.c       |    1 +
 arch/x86/xen/mmu.c          |    2 ++
 net/ipv6/ip6_tunnel.c       |    4 ++--
 tools/gcc/constify_plugin.c |   25 +++++++++++++------------
 5 files changed, 20 insertions(+), 15 deletions(-)

I was not able to boot from 2.6.32.44 or .45 because of the broken backport. Kernel panic.

Please update to the latest grsec-patch and remove hardened-sources 2.6.32.44 and 2.6.32.45, which do not contain the latest grsec-patch.
Comment 1 cilly 2011-08-25 10:23:16 UTC
Bug is in upstream kernels: 2.6.32.44 and 2.6.32.45, so vanilla-sources and gentoo-sources may be affected by this bug, too.
Comment 2 cilly 2011-08-25 10:27:37 UTC
linux-source-2.6.32/net/ipv6/ip6_tunnel.c	2011-06-11 21:10:52.000000000 +0200
+++ linux-source-2.6.32/net/ipv6/ip6_tunnel.c	2011-07-14 18:45:59.000000000 +0200
@@ -1465,7 +1465,7 @@ static int __init ip6_tunnel_init(void)
{
int err;

-	err = register_pernet_device(&ip6_tnl_net_ops);
+	err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
if (err < 0)
goto out_pernet;

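Review bot: only the register call at the `err =` line is switched to register_pernet_gen_device() here, and nothing in this hunk touches the matching teardown, so the error path reached through `goto out_pernet` can still pair a gen registration with a non-gen unregister; the patch should change the unregister call for ip6_tnl_net_ops in the same commit. The file header is also missing its `---` line and the context lines have lost their leading space, so this will not apply as pasted.
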
Sorry for not creating an attachment.
Comment 3 Anthony Basile gentoo-dev 2011-08-25 10:37:28 UTC
@mpagano, while this was hit in hardened-sources and fixed in the grsec patches, it is a vanilla issue and should go into genpatches for 2.6.32.
Comment 4 Stratos Psomadakis (RETIRED) gentoo-dev 2011-08-29 23:38:47 UTC
genpatches-2.6.32-42, which includes the patch, has been released.

If it's fixed in hardened, can this bug be closed when the new gentoo-sources-2.6.32 ebuild is out?
Comment 5 cilly 2011-08-30 14:11:57 UTC
Please double-check the patch in genpatches:

I copied this from grsec (thanks to spender):

diff -urNp linux-2.6.32.45/net/ipv6/ip6_tunnel.c linux-2.6.32.45/net/ipv6/ip6_tunnel.c
--- linux-2.6.32.45/net/ipv6/ip6_tunnel.c   2011-08-09 18:35:30.000000000 -0400
+++ linux-2.6.32.45/net/ipv6/ip6_tunnel.c   2011-08-24 18:52:25.000000000 -0400
@@ -1466,7 +1466,7 @@ static int __init ip6_tunnel_init(void)
 {
    int  err;

-   err = register_pernet_device(&ip6_tnl_net_ops);
+   err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
    if (err < 0)
        goto out_pernet;

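Review bot: the context lines of this hunk (`int  err;`, `if (err < 0)`) are indented with spaces where the kernel tree uses tabs, which points to whitespace conversion during copy and paste; as posted the hunk may be rejected by patch unless whitespace is ignored, so the version merged into genpatches should be taken from the grsecurity patch file or an attachment rather than from this comment.
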
@@ -1487,7 +1487,7 @@ static int __init ip6_tunnel_init(void)
 out_ip6ip6:
    xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
 out_ip4ip6:
-   unregister_pernet_device(&ip6_tnl_net_ops);
+   unregister_pernet_gen_device(ip6_tnl_net_id, &ip6_tnl_net_ops);
 out_pernet:
    return err;
 }
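
Review bot: the unregister call under `out_ip4ip6:` passes ip6_tnl_net_id by value while the register call in the first hunk passes `&ip6_tnl_net_id`; both have to land together, because taking only one of the two lines leaves registration and teardown using different function families. Only the init error path is visible here, so any other place in the file that unregisters ip6_tnl_net_ops should be checked for the same pairing before this is marked fixed.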

Please make sure to correct both lines in genpatches.

By the way, this bug isn't solved in 2.6.32.46 either.
Comment 6 Stratos Psomadakis (RETIRED) gentoo-dev 2011-08-30 15:00:07 UTC
:/
Sorry, didn't notice the unregister function.

Hopefully, it should be fixed in genpatches-2.6.32-43.

Thanks.
Comment 7 Mike Pagano gentoo-dev 2011-09-02 22:29:30 UTC
Can you let us know that everything is as it should be in gentoo-sources-2.6.32-r36?
Comment 8 Anthony Basile gentoo-dev 2011-09-02 23:01:48 UTC
(In reply to comment #7)
> Can you let us know that everything is as it should be in
> gentoo-sources-2.6.32-r36.

Both of the changes in Comment 5 are in gentoo-sources-2.6.32-r36. Also, when applying the grsec patches I had a perfect collision between 2000_fix-broken-backport-for-ipv6-tunnels.patch and grsecurity-2.2.2-2.6.32.46-201108301903, i.e., they were both trying to make the exact same changes to ip6_tunnel.c. So genpatches-2.6.32-43 looks good.
Comment 9 Mike Pagano gentoo-dev 2011-09-03 21:22:28 UTC
I am reading this as we are done here. If I am having reading comprehension issues, please reopen.
Comment 10 cilly 2011-09-03 21:33:42 UTC
Just for the record, the bug isn't fixed in upstream kernel 2.6.32.46.
Comment 11 Anthony Basile gentoo-dev 2011-09-03 22:16:05 UTC
(In reply to comment #9)
> I am reading this as we are done here. If I am having reading comprehension
> issues, please reopen.

Yes, we're done.

@cilly, it will take a while before this patch gets backported to a 2.6.32 kernel. Don't hold your breath! However, we'll keep maintaining it until upstream pushes it down to us.